Open t-ushar opened 4 months ago
What is your PostgreSQL version and what is the value returned by `SHOW ssl;`?
on (1 row)
PostgreSQL 15.6 on x86_64-pc-linux-gnu, compiled by gcc (GCC) 8.5.0 20210514 (Red Hat 8.5.0-20), 64-bit (1 row)
Is this due to SSL=on? As in the code, if EnableSSL has a value of 1, then the counter is increased by 0.5.
```c
/* Create new entry, if not present */
entry = (pgafEntry *) hash_search(pgaf_hash, &key, HASH_FIND, NULL);
if (entry)
{
    if (EnableSSL)
        fail_cnt = entry->failure_count + 0.5;
    else
        fail_cnt = entry->failure_count + 1;
    elog(DEBUG1, "Remove entry in auth failure hash table for user %s", username);
    hash_search(pgaf_hash, &entry->key, HASH_REMOVE, NULL);
}
```
Credcheck setting.
Banning setting.
Wrong password failure attempts:
In the test case below, the ban happened after 9 failures and banned the user at the 10th failure; however, it should have been banned on the 6th attempt.
The commands below were executed at intervals of around 5 seconds.
In the DB it shows a failure count of 5 only, whereas in actuality it's 10.